Follow

I'm taking part in a survey for my company, and one of my recommendations is for home workers to be on the company (connected to our NAS) because our home network can't be guaranteed, we have to rely on storing data on a proprietary cloud storage site etc.

Please share your suggested arguments for (or against) VPN for all home workers.

Β· Β· Fedilab Β· 1 Β· 0 Β· 1

@syntax corporate laptop + all internal assets only reachable from "inside" + vpn is pretty good. But if there's no management of what apps are installed on the laptop, eg, remote access malware, it's not going to stop attackers proxying through the vpn-connected laptop and do what they like.

At least via vpn there are revokable credentials attached to the bad actor. If you monitor if accounts try to do something out of their role, monitor laptop hygiene, it can be part of a secure setup.

@hopeless
Best #VPN are #Tor and #I2P, the former being supported in part by govts. Of course, they have challenges but not unsurmountable.

We are loving the whole #corporate #massSurveillance thing that #COVID19 is ushering in by the way *wink*

#UseTor would be our recommendation.

#onionMaximallist

@syntax

@dsfgs
They're anonymity networks, not VPNs, but thanks for the feedback.
@hopeless

@dsfgs
True, there's overlap. However, Tor/I2P certainly doesn't automatically equal security. I seriously doubt a company sharing sensitive files and communications over Tor is a good idea, not being able to ascertain exit nodes etc. Members of a company don't want/need to be anonymous when communicating with each other, it would be counterintuitive.
@hopeless

@syntax
You do realise that a person gets #encyption for free when they #useTor, right?

You do not need to trust a exitNode the only thing they see is someone sending a packet to a proxy. It is specifically designed so that people can share sensitive communications and hide them from oppressive govts and the #jeffreyEpsteinClass.

If you don't trust the #openSource #freeLicence technology, that's fine. There's no need to justify that :)

@hopeless

@dsfgs
is designed for and I trust it completely. I advocate for and run a couple of Tor relays. Some further reading:
support.torproject.org/https/h
tails.boum.org/doc/about/warni

The key point here being that the exit node itself doesn't offer a layer of encryption, so the user must be using HTTPS, otherwise packet capturing is a very real threat.

@syntax
Brilliant. Will read and good to hear.

The threat is the same on the clearnet, HTTP is not secure. Tor has done a lot over the years to ensure HTTPS only. Their was an issue recently (that was resolved for niche setups). What we are saying is running an onion service gives everyone great encryption for free.

Similarly, if someone gets HTTPS wrong with a private VPN corporation the effect might still be very bad.

Sign in to participate in the conversation
Mastodon πŸ” privacytools.io

Fast, secure and up-to-date instance. PrivacyTools provides knowledge and tools to protect your privacy against global mass surveillance.

Website: privacytools.io
Matrix Chat: chat.privacytools.io
Support us on OpenCollective, many contributions are tax deductible!